For EU citizens, GDPR requires that if you ask for it, a human has to review your case. (Article 22 "The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.")
I guess a lawyer can argue against this, but I'd say that losing access to a lifetime if mails is absolutely up there with "legal effects concerning him or her or similarly significantly affects him or her."
And from my own experience building software for government services, I can tell you this: In my experience in those systems it is not acceptable to just have a list where someone clicks “deny” all day. Or allow for that matter. We tried with a system were the rule is that the citizen gets <think they apply for> whenever all relevant demands are met. Legal was very clear: No automated decisions either way unless the relevant laws or regulations explicitly allow it, every case has to be reviewed independently — even when the outcome seems completely obvious to anyone who knows the field.
I guess a lawyer can argue against this, but I'd say that losing access to a lifetime if mails is absolutely up there with "legal effects concerning him or her or similarly significantly affects him or her."
And from my own experience building software for government services, I can tell you this: In my experience in those systems it is not acceptable to just have a list where someone clicks “deny” all day. Or allow for that matter. We tried with a system were the rule is that the citizen gets <think they apply for> whenever all relevant demands are met. Legal was very clear: No automated decisions either way unless the relevant laws or regulations explicitly allow it, every case has to be reviewed independently — even when the outcome seems completely obvious to anyone who knows the field.